Security In The Digital World Book Review

I’d like to share with you digital security advice from the book Security in the Digital World: For the home user, parent, consumer, and home office by Graham Day.

Security In The Digital World Book Review & Summary

To start our Security In The Digital World Book Review, we want to mention that this book has useful digital security advice for consumers and home offices. There are several helpful lists. Each chapter ends with a summary. This book wasn’t as engaging as other personal cybersecurity books I’ve read. It seemed a bit unorganized as well.

Author Graham Day spent more than a decade as a counter-intelligence and security specialist. Since then he has consulted in information security. He’s a CESG Certified Professional Security Information Risk Advisor and Certified Information Systems Security Professional (CISSP).

Here are my notes from each chapter.

Personal digital security top ten

1. Configure the ‘platform’ – or ‘secure your device’

• Configure security settings.
• Install anti-malware.
• Install updates and patches.

2. Manage your accounts

• Use difficult passwords.
• Use different login info for different accounts. Use multi-factor authentication whenever available.
• Don’t share login info.

3. Have a private life

• Don’t post private info online.
• Don’t post plans online (which could reveal when your home or you could be attacked).
• Don’t be afraid to ask friends to take down posts about you, or that tag you.

4. Be security aware

• Check the identification of senders and callers.
• Challenge requests of callers if you have doubts.
• Confirm with the organization that request is genuine.

5. Manage your information

• Only entrust your information to providers you trust.
• Regularly check your credit rating.
• Regularly search your name and names of family members.

6. Configure your browser

• Configure spam- and ad-blockers.
• Install Internet security software.
• Install a virtual private network (VPN) on portable devices.

7. Manage the home network and the Internet of Things

• Change default passwords on devices.
• Configure network security software.

8. Shop clever

• Check the security credentials of the site.
• Don’t save credit/debit card details on websites.
• Use different browsers for different tasks (e.g., finances versus leisure).

9. Security does not standstill

• Regularly review your security.
• Take action if you notice anything different in your online presence.
• Ask friends to inform you if they see anything online about you that you need to know about.

10. Think twice, click once

• Before doing anything online, consider its impact on you.
• Don’t take everything at face value; take a minute to check.
• Think before you click!

The how

Dealing with phishing

• Is the sender’s email address genuine?
• Does the content of the email match reality? E.g., do you have that account, or have you made that transaction?
• Type the site’s address in your browser’s address bar to go to the official site. Log into your account and see if it shows the same transactions or notifications mentioned in the email.
• Is the grammar and spelling correct? If a street or mailing address is shown, is it correct?
• Does it ask you to click a link? Never click a link in an email that you were not expecting or that you are suspicious of.
• Delete phishing emails. If prompted, create a rule to delete future emails like it.

Dealing with vishing (voice phishing)

• Don’t give personal or secret information to unknown callers.
• If the caller says they’re from an organization that manages your sensitive information, say you will call or visit your local branch to provide the information, instead of giving it over the phone.
• Don’t give in to manipulation or threats.
• Say it’s not a convenient time to speak and request a number you can call them back on. Ask for a reference number, the caller’s name, and the organization’s name.
• Use a different contact method to check whether the call is authentic. If you were emailed, then call the organization. If you were called, then email customer service. When you call, call the number on the organization’s website.
• Hang up.

Dealing with smishing (SMS/text message phishing)

• Don’t click links in text messages from unrecognized senders.
• Don’t click links in unexpected or unusual messages.
• Don’t open attachments unless you know the sender and are expecting the attachment.
• Call the sender to confirm they sent you the message.

Ransomware

• Don’t pay ransom. There’s no guarantee your information will be released or that the attackers haven’t left malware on your device for future use.
• Search for and apply the technical fix, if available.
• Keep data backed up.
• Keep all license codes that came with your device in case you need to reinstall the software.

Operating system – computers and laptops

macOS anti-malware

• Avast Security for Mac (free)
• Malwarebytes for Mac (free or paid)
• Sophos Home (free or paid)
• Avira Free Antivirus for Mac (free)

For Windows, check filehippo.com for ratings and reviews of free security software.

Home office

Home office security software

• Sophos Home for Macs and PCs
• Sophos UTM Home Edition (turns a dedicated computer into a security appliance)
• Free Avira and AVG security software

Test password strength with How Secure Is My Password?

Smartphones and tablets

Disable iPhone Analytics because that shares location info and other data.

iPhone security is more robust than Android security.

If you carry contactless cards, put them in an RFID-blocking sleeve/wallet/purse.

ATMs

• Use ATMs inside banks rather than on the street.
• Examine ATM for devices attached to the card reader or cash dispenser. Look for extra or unusual cameras.
• Never use an ATM when other people are lingering.
• If your card gets trapped in the ATM, call the bank. Stay at the ATM until the problem is resolved, if possible.

Internet of Things (IoT)

Home network hardware firewalls

• F-Secure SENSE
• Dojo

Before selling, donating, or disposing of IoT devices, reset to factory defaults. If not possible, destroy the hard drive.

Before you add any IoT device to your home, ask:

• Is the benefit of the device worth the risk?
• What do you need to do to manage the risk (e.g., change password, put in different places in the home)?
• Who can access the information on or from the device?
• Who can change the settings on the device?

Parental security

Parental controls

• Windows: see Set content restrictions on Windows 10 and Xbox One or set up a family account or search “parental controls”.
• Apple devices: see Set up parental controls on Mac
• Google Safety Center

Resilience

Backup tips

• Ensure your computer backs up to a device that isn’t permanently attached to it.
• Encrypt backups.
• Password-protect backups.
• Rotate between 2+ backup devices so you’re not reliant on a single device.
• Store backup devices in different locations so they’re not vulnerable to harm in the same location.

Security In The Digital World Book Review – Final Thoughts

If you found this summary helpful, then read the book, Security in the Digital World: For the home user, parent, consumer, and home office by Graham Day.

The Resources page has additional cybersecurity and privacy books.

What You Should Do

Here are the top tips I’ve selected from this book.

1. Configure the security settings in your devices and accounts.
2. Install updates and patches.
3. Use difficult (long and complex) passwords.
4. Use different login info (usernames and passwords) for different accounts.
5. Use multi-factor authentication whenever available.
6. Don’t post private info online.
7. Don’t post plans online (which could reveal when your home or you could be attacked).
8. Check the identification of senders and callers.
9. When you receive a request for info, confirm with the organization that the request is genuine. Use a different contact method to check whether the call is authentic. If you were emailed, then call the organization. If you were called, then email customer service. Use the contact info on the organization’s website.
10. Don’t click links in unexpected or unusual messages.
11. Don’t open attachments unless you know the sender and are expecting the attachment.
12. Keep data backed up.
13. Before using an ATM, examine it for devices attached to the card reader or cash dispenser. Look for extra or unusual cameras.
14. When you buy an Internet-connected device, do what you can to minimize the security risk. Change the password, think carefully about where it should be in your home, etc.
15. If you’re a parent, take advantage of parental controls. For Windows, see Set content restrictions on Windows 10 and Xbox One or set up a family account or search “parental controls.” For Apple devices, see Set up parental controls on Mac. See also the Google Safety Center.
16. Ensure your computer backs up to a device that isn’t permanently attached to it.
17. Store backup devices in different locations from the devices they back up, so the backups aren’t vulnerable to harm in the same location.